cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1881
Views
5
Helpful
10
Replies

Preferential Routing

cisco
Level 1
Level 1

Hi,

I have two SPs on my network . From SP_A i am taking STM-1 and from SP_B its DS3. Now my company doesnt have Service Provider independent public addresses. 

I want to use STM-1 from SP_A as the primary link in case if this goes down then only traffic should come via SP_B.

I have 10 webserver which are being accessed by external internet users.

What i am planning to do static NAT for all these 10 webserver to both the SP's public addresses.

i.e.     LAN IPs              SP_A               SP_B

Server-1 10.0.0.1         X.X.X.1          Y.Y.Y.1

Server-2 10.0.0.2         X.X.X.2          Y.Y.Y.2

likewise for rest 8 servers.

Now i want preference via  SP_A link to access these 10 server , do i have to do something on DNS servers ? if yes then DNS server of my company or DNS server of SPs ?

regards

Neo

10 Replies 10

cisco
Level 1
Level 1

Hi ,

Any help will be apperciated.

regards

Neo    

Marwan ALshawi
VIP Alumni
VIP Alumni

Hi Neo,

first of all how do you exchange the routing with your ISPs is it BGP ?

and from my undestanding is that you have serverfarm and those servers have public IPs from ISPA and diffrent IPs from ISPB

with DNS it can be done but not very experieinced with it howevr have a look at the bellow  link, but the ISP DNS could do it in addition to your DNS

http://www.wight-hat.com/guides/hosting/load-balanced-and-redundant-server-network/

also when you do static nat with diffrent public IPs using same source IP over diffrent exit interfaces try to use a route-map that match the exit interface per NAT statment

Example:

route-map ISPA
match interface fa1/1

route-map ISPB
match interface fa2/1

ip nat inside source static 10.1.1.1 100.1.1.1 route-map ISPA
ip nat inside source static 10.1.1.1 200.1.1.1 route-map ISPB

HTH

if helpful Rate

Mohamed Sobair
Level 7
Level 7

Hello,

From what I understood and based on your description, those webservers will be assigned public IP's from ISP A segment.

In this case, its certainly not possible because when the primary link goes down, then a manual intervention is needed to change the DNS entry on the dns server (the A records).

All solutios talks about IOS NAT loadbalancing and redundancy when you have NAT , and this is certainly possibly. But the problem comes when you have static webservers or email server reside inside your network that needs DNS records.

I have one solution though, it's basically a device that do inbound/outbound redundancy and loadbalancing , it's also works as an authoritative dns server so all your mapping and dns records are configured on this device.

Are you willing to purchase a nother device?

Please see below link :

www.ecessa.com

Regards,

Mohamed

Sent from Cisco Technical Support iPhone App

Hi Mohamed

why it is not possible to have redundant DNS entry ( multiple IPs per DNS name ) ?

i beleive it is one of the loadbalancing and redundancy methods of haveing multiple Datacenters and servers which is geeogrphiucaly located for redundancy and load sharing

such as The Cisco ACE GSS 4400 Series Global Site Selector (GSS), or on the server or application level too

- Neo ,  

here is a gudie that might be useful to have a look at, and consider the NATing example provided above too

Configure ISP Redundancy— Step by Step

http://microsoftguru.com.au/2011/04/26/ff-tmg-2010-configure-isp-redundancy-step-by-step/

HTH

pls rate the helpful posts

Mohamed Sobair
Level 7
Level 7

Marwan,

If the traffic is normal Internet traffic, then iOS NAT loadbalancing and redundancy would suffice.

However, if you have Webservers that needs (a records) on the ISP Dns server, then its not possible. The reason is because only ONE a record (name to ip address mapping) can be created at a time. If the main ISP link goes

Sent from Cisco Technical Support iPhone App

Mohamed Sobair
Level 7
Level 7

Sorry to continue,

If it's down , then the outside world would still point to the same ISP resulting in a packet being eventually dropped.

Unlike MX records which is used for exchange servers, you can have multiple entries per ip address with different priorities. But with webservers ,this is not possible.

If you have setup or worked on DNS servers , it should be known. hence,I have proposed different approach.

Unfortunately,, your suggestion of using ACE is not applicable and wouldn't be a solution for him as he is not looking for application redundancy as much as DNS issue.

I hope this clarifies my point

Regards,

Mohamed

Sent from Cisco Technical Support iPhone App

Hi Neo,

I would suggest you to have two DNS records for high availability purpose. I have the same kind of setup and working fine without any issues.
There is some kind of priority set in the DNS record like primary ISP_A and if primary down secondary ISP_B will take the path. This is like A record priority.


Please rate the helpfull posts.
Regards,
Naidu.

Thanks Naidu 5+ to confirm this setup as i was thinking it can be done this way but never done this way before  thats why i was not sure 100%

in this case Neo you need to get you DNS setup in the right way first then have your NATing configured using the example above

good luck

pls rate the helpful posts

Hi Marwan,

You are most welcome and Yes that should work for Neo.
He need to make sure the below things...

1. Nating needs to be done individually with two different public IP's (Say in my case I have two Firewalls active/standby and a DMZ server have nated with different IP's (ISP_1 & ISP_2) in two Firewalls like below...

static (inside,outside) 197.197.197.11 10.27.9.41 netmask 255.255.255.255 --->Firewall 1 --->ISP-1
static (inside,outside) 206.206.206.57 10.27.9.41 netmask 255.255.255.255 --->Firewall 2 --->ISP-2

2. Neo need to contact his ISP who managing his A records and ask them to creat redundant A record by giving priority to IP which learning from his ISP-1

So that if the priority IP which learning through ISP-1 is unreachable then the second one which learning through ISP-2 will start resolving and take path.


Neo, Hope the above will be understand and clear you...

Gud luck
Please rate the helpfull posts.
Regards,
Naidu.

Hi Mohamed / Naidu / Marwan,

Thanks for your valuable time on replying. After going through your posts , i did my search as well and after going through this URL . Mohamed is some what right about publishing multiple IP address pointing to single Domain name that it may cause problem when the link is down.

                                        But then for how long that website will be down depends on the TTL configured , so

Naidu / Marwan are also right that it is somewhat workable solution but for small enterprises.

thanks again all for your valuable contribution .

regards

Neo

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco